Full_Name: Moriyoshi Koizumi Version: 2.4.40 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (14.3.144.188)
As LDIF backend tries to store the values for the attributes in "prettified" form and the value is transferred verbatim in wire, replication of pwdAttribute (1.3.6.1.4.1.42.2.27.8.1.1) ends up with the following error:
syncrepl_message_to_entry: rid=001 mo cheheck (pwdAttribute: value #0 invalid
per syntax)
The validation causing the error itself is done in the following part in servers/slapd/modify.c:
/* * check that each value is valid per syntax * and pretty if appropriate */ for ( nvals = 0; !BER_BVISNULL( &ml->sml_values[nvals] ); nvals++ ) { struct berval pval;
if ( pretty ) { rc = ordered_value_pretty( ad, &ml->sml_values[nvals], &pval, ctx ); } else { rc = ordered_value_validate( ad, &ml->sml_values[nvals], ml->sml_op ); }
if( rc != 0 ) { snprintf( textbuf, textlen, "%s: value #%ld invalid per syntax", ml->sml_type.bv_val, (long) nvals ); *text = textbuf; return LDAP_INVALID_SYNTAX; }
if( pretty ) { ber_memfree_x( ml->sml_values[nvals].bv_val, ctx ); ml->sml_values[nvals] = pval; } }
where pwdAttribute has the corresponding prettifier assigned to its schema (servers/slapd/overlays/ppolicy.c), which eventually is fed with the value in prettified form that will effectively make slap_bv2ad() in attrPretty() fail.
{ Syntax *syn; MatchingRule *mr;
syn = ch_malloc( sizeof( Syntax )); *syn = *ad_pwdAttribute->ad_type->sat_syntax; syn->ssyn_pretty = attrPretty; ad_pwdAttribute->ad_type->sat_syntax = syn;
mr = ch_malloc( sizeof( MatchingRule )); *mr = *ad_pwdAttribute->ad_type->sat_equality; mr->smr_normalize = attrNormalize; ad_pwdAttribute->ad_type->sat_equality = mr; }
The replication works fine for other such attributes that have the same syntax (OID, 1.3.6.1.4.1.1466.115.121.1.38) like objectClass because those attributes are accompanied by the validators as well as prettifiers which validate the value both in prettified and OID form. For instance, objectClass has the corresponding validator oialalidate() besides the prettifier objectClassPretty().